# [04:24] <TabAtkins> But they're now explicitly proprietary, with no pretense of being able to be parsed safely by a generic parser.

# [04:24] <TabAtkins> Unlike the situation with comments, where the structure *would* be parsed by a generic parser, just incorrectly (because it didn't know how to obey the instructions embedded in the comments).

# [04:27] <Hixie> so what you're saying is that they removed both the possibility of comments and the safe extension mechanism at the same time

# [04:30] <TabAtkins> That was the point - JSON wasn't supposed to ever be extended.

# [04:32] <TabAtkins> After all, it very purposely is a lowest common denominator. It includes only things that *every* non-pathological language has and can understand. Allowing extensions would inevitably lead to complexity creep, and make it difficult/impossible to use as a truly universal data-interechange format.

# [04:45] <TabAtkins> Because that's precisely what existed in the wild - parsers that understood non-JSON extensions. Pretending they didn't exist wouldn't have served any point, but making it so that their extensions would cause a normal JSON parser to abort kept the infection from ever spreading far enough to be a de facto language extension.

# [04:56] <cardona507> I am trying to style my markup in columns - I am using <section> but for some reason I can't style it- do I wrap it in a <div> and style the div? Does that defeat the point of <div>?

# [12:18] <AryehGregor> Hixie, isn't specifying things like how to parse a nonnegative integer algorithmically going a little too far? Couldn't you just give it in some sort of BNF like <*whitespace "+"? 1*digit garbage> and say to return an error if it doesn't match the pattern, and otherwise return the value given by 1*digit parsed as a decimal number? Actually, I notice you don't seem to use formal grammars anywhere in the spec.

# [12:18] <Lachy> yeah, I always found it intriguing how the HTMLWG thinks it has total authority over the content of the spec and is entitled to such privliges, despite supposedly working with the WHATWG

# [12:19] <AryehGregor> Formal grammars are just as precise as algorithms, and typically easier to read, so unless they can't meet HTML 5's error-handling requirements, I don't see why algorithms would be preferred.

# [12:20] <Hixie> AryehGregor: a grammar doesn't tell you how to interpret the value, only how to check if it's valid or not.

# [12:20] <AryehGregor> I was actually trying to implement the real number parsing in PHP for MediaWiki (to ensure consistent client-/server-side parsing of <input type=number>), but gave up because the algorithm given is ridiculous in a language like PHP and the only sane thing to do was try to convert it to regex.

# [12:20] <AryehGregor> Hixie, it breaks it into pieces for you, and you can then assign meaning to the pieces.

# [12:21] <AryehGregor> In this case, "parse the 1*digit bit as a decimal integer, and ignore the rest".

# [12:22] <Hixie> you aren't supposed to implement the algorithms line for line

# [12:22] <Hixie> translate the algorithms into whatever is the most optimal implementation for your language

# [12:24] <AryehGregor> In my case the usual way to do it would be regex, which is a lot closer to BNF than the C-style algorithm you give. I should think it would be easier to translate from BNF into a C-style algorithm than the reverse.

# [12:26] <AryehGregor> annevk3, I tried briefly. To be honest, in the end I mostly gave up because I didn't want to use it unless I had a test suite that would confirm I didn't botch things much. I'm sure I'll return to it and figure it out, but most specs use BNF and it seems both shorter and easier to read to me, and no less precise.

# [12:26] <Hixie> i was saying that if you use algorithms everywhere but some of them also use a grammar, you end up with an inconsistent style

# [12:27] * Hixie isn't a big fan of formal grammars because for anything but the simplest of syntaxes, they simply aren't readable, nor do they actually define the semantics, nor do they make error handling even remotely sane to specify

# [12:32] <Lachy> Hixie, the spec seems to lack clear authoring requirements for using SVG and MathML in HTML. It seems that authors have to derive the requirements from the implementation requirements

# [12:51] <Lachy> also describe that the attributes xlink:actuate, xlink:arcrole, xlink:href, xlink:role, xlink:show, xlink:title, xlink:type, xml:base, xml:lang and xml:space can be used on foreign elements and must use those prefixes

# [12:51] <Lachy> and that declaring the xmlns and xmlns:xlink attributes on SVG elements is optional

# [14:18] <da3d> That seems odd to me, because I never thought of <nav> as a type of section. It confused me when I tried the outliner last night (I thought the untitled section had something to do with an <article>).

# [14:30] <da3d> I'd consider that to be generally bad authoring (unless it's an <aside> pull-out quote or something). Web apps like Gmail might be a bit different, but I'd at least some of those to have headings.

# [14:32] <Lachy> Maybe it would help if the outliner generated default implied headings for sectioning elements like <nav>. Something like "Untitled Navigation Section", or simply "Navigation". I don't think this really needs to be defined though, just an implementation feature.

# [17:17] <TabAtkins> The funny thing is, I *know* there's a lot of group theory behind Haskell. I *can* understand that, as long as you keep it in programming terms. The moment an explanation veers off into actual math I get lost until I can say "Oh, so it's just function x being lifted and applying to two argument" or whatever.

# [17:17] <TabAtkins> And then I go write it into my lisp utilities, because it's usually useful.

# [17:18] <AryehGregor> If it's usually useful, then either you aren't learning pure mathematics or you do very strange kinds of programming. :)

# [17:18] <TabAtkins> There's no such thing as math that can't be applied. ^_^

# [17:21] <TabAtkins> Also: I'm not sure why the background-position syntax is so restrictive. There are several 2 and 3 token cases that are disallowed by the grammar but that are perfectly unambiguous.

# [17:22] <AryehGregor> Then I think you'd be pretty hard pressed to find many direct applications of, say, . . . I don't want to name anything lest someone come up with an application.

# [17:27] <TabAtkins> Gah, so I can't find what I remember right now, but being as it can be used to address the solubility of polynomials, I'm going to guess that it's been applied to error-correcting codes.

# [17:35] <TabAtkins> If you have a cheap analytic method, of course you use it. But they're often rare.

# [17:35] <AryehGregor> TabAtkins, numerical methods are useless on the general three-body problem. Some solutions are chaotic. Any finite-precision numerical method will give you useless results for those cases.

# [17:35] <TabAtkins> On the other hand, there's totally a supercomputer in the other room...

# [17:46] <TabAtkins> I'm lucky that grades matter less in most places over here. I just don't mesh well with a lot of classes, so I ended up with bad grades anywhere that placed more emphasis on homework than tests.

# [17:51] <AryehGregor> Well, I don't know. The alternative is to be given money/services for free regardless of whether you're actually attending class and doing your work?

# [17:52] <jgraham> Yep. You loose out in the long term by getting a shitty degree and not being able to get a job

# [17:53] <jgraham> (actually the only person I knew at university who dropped out had previously been on a scholarship to Eton. He was bright but burned out by 18)

# [17:54] <gsnedders> (For those keeping track, basic answer from Southampton is to phone up the new CS admissions tutor once the post has been appointed after the current guy retiring this month, and try and work out what comprimise can be made for the maths)

# [17:58] <TabAtkins> That's the most important measure of code. Once a function gets longer than a screen, it's time to refactor. You can't really *understand* a function that you can't see all at once.

# [18:01] <TabAtkins> If you would like, you can use "head" as a unit of measurement. If your code is bigger than your head (pressed against the screen), it needs to be refactored. It amounts to roughly the same thing.

# [18:07] <gsnedders> jgraham: I was talking to several people and several of them were still saying I ought to apply for Oxbridge, if I manage to do something to get my maths up to scratch

# [18:09] <gsnedders> Basically, I'm not sure how much point there is in applying to many places in England as unless I got into either Oxbridge or Southampton, I'd rather go to Edinburgh (which I should get into on the basis of Highers alone)

# [18:12] <TabAtkins> You can't really talk about how many screens long a program is, after all. It just doesn't make much sense. But saying "each function should fit on the screen" promotes the ideal of refactoring and splitting out subfunctions rather than duplicating code.

# [19:04] <TabAtkins> The CSSWG wiki automatically knew my name, which was fun. ^_^ Then I had to sign up for a normal account anyway because the openid accounts weren't properly integrated into the editor page.

# [19:09] <AryehGregor> Dashiva, yes, people will do it, if it's what they use to authenticate to everything. They do it for their property deeds and so forth.

# [19:10] <AryehGregor> Philip`, if you sign up to my site and I remember your password, I now can log in as you to any site. Congrats. Or if I MITM you when you log in to any unsecured site.

# [19:10] <Dashiva> No, people do not sign their porn site subscriptions

# [19:10] <AryehGregor> Dashiva, a key is what, 8192 bits? You could store 10,000 pregenerated ones on one device for barely more cost than one. Have it use a different actual key for each site if you like, but the same device.

# [19:15] <AryehGregor> It's more secure than physical keys and so on as well.

# [19:16] <AryehGregor> Dashiva, you don't get security by giving up on the issue and just avoiding single points of failure. You get security by making sure there's only one point of failure, and it's *strong*.

# [19:17] <TabAtkins> Even considering the phishing possibilities, I consider the strengths of having a single password that you can make strong and use everywhere to be significant enough to be worthwhile.

# [19:17] <AryehGregor> Dashiva, and if you're using a public computer?

# [19:17] <Dashiva> Strong passwords are overrated, even a medium strength password is more than enough

# [19:21] <Lachy> The problem with password manager based solutions is that if you use lots of random passwords on the basis that you don't have to remember them all, you're reliant on your ability to always have the password manager available and never lose it

# [19:26] <Dashiva> The next solution would be minification so that the USB thing becomes an entire computer, you just attach it to a monitor, network and input devices

# [19:27] <AryehGregor> You could get the same benefit using home-directory encryption, which has lots of other nice benefits if an attacker gets hold of your computer. Or even full-disk encryption. Although those tend to have some performance overhead.

# [19:27] <AryehGregor> Dashiva, no. You want to keep your sensitive data in a device that's as simple to secure as possible. It should be impossible to run arbitrary code on it.

# [19:27] <TabAtkins> I don't notice too much problems with full-disk encryption, luckily. Large file transfers take a bit longer, but for normal use it's most unnoticeable.

# [19:27] <AryehGregor> Everything should be unchangeable down to the firmware.

# [19:28] <Dashiva> AryehGregor: You could have that device as part of it

# [19:28] <Lachy> OpenID can be secure if the user is careful to never reveal their openID password by using it on any other site, and if they trust their open id provider and if they are resistant to phishing attacks

# [19:29] <Philip`> so the main benefit is you can choose a more secure login method without requiring a zillion sites to independently support it

# [19:29] <Lachy> I want to set up and run my own personal openid server, which would mean that I can control the login and make it as secure as possible, while being virtually invulnerable to phishing attacks

# [19:29] <TabAtkins> You can authenticate however you feel like. Which is one of the nice things about it - you don't need to rely on the website to be secure.

# [19:29] <AryehGregor> Dashiva, PKA is immune to phishing in the sense of being able to steal someone's login info.

# [19:30] <TabAtkins> Lachy: if you have PHP, there's a really simple two-file server that takes all of 5 minutes to get running.

# [19:30] <Dashiva> "We are upgrading your device. Please send it to us, together with the password"

# [19:30] <Lachy> TabAtkins, yeah, I found some on openidenabled.com that I will look into

# [19:38] <Lachy> btw, did someone go through all the registerred users in the whatwg blog and delete all the spammer accounts? When I looked today, there were only about 30 accounts of relatively trusted people

# [19:38] <AryehGregor> People aren't inclined to give out sensitive info per se. They're only inclined to give out info that they reasonably expect someone else should have reason to want.

# [19:43] <TabAtkins> I don't see why not. You don't get as *comprehensive* of a scheme, but using PKA as a secure way of establishing identity without actually compromising your identity should be fine.

# [19:44] <AryehGregor> TabAtkins, it would hardly be an improvement over password managers if the private keys remained on your computer.

# [19:45] <TabAtkins> I'm much less concerned about your computer being compromised, precisely because it *does* require a very complete idea of security and will be defeated anyway by the first idiot that sticks an untrusted usb in his computer, and also because it's simply less common.

# [19:45] <TabAtkins> But you could certainly also use a usb-mounted program which communicates with the openid page.

# [19:46] <AryehGregor> Sure. But in that case, you may as well just use a password manager.

# [20:18] <Lachy> if I wanted to to a fresh installation next time, does it just require extracting to a new directory, copying AdminSettings.php, LocalSettings.php and .htaccess across and running the update script the same way?

# [20:20] <Lachy> AryehGregor, how about I just give you shell access to wiki.whatwg.org and you can handle the wiki upgrades for us?

# [20:20] <AryehGregor> MediaWiki is weird because we don't mostly develop it for the sake of releasing it. It's mainly for Wikipedia.

# [20:20] <AryehGregor> So niceties like a usable, well-documented upgrade procedure tend to go by the wayside.

# [20:21] <AryehGregor> Wikipedia doesn't even use the update script, it would kill the site for hours. Schema updates get applied manually.

# [20:21] <AryehGregor> Lachy, could do. I could upgrade it to a 1.16alpha version that uses HTML 5, in fact. :) But the problem is, I don't know right now if I'll have the time as of a few days from now. So I don't want to commit to anything.

# [20:21] <Lachy> does the update script make changes to the database structure?

# [20:32] <TabAtkins> It appeared to be a pretty standard LCD, so I would assume so.

# [20:32] <AryehGregor> You can compress a screenful in less than 17 ms, surely.

# [20:32] <TabAtkins> The engadget report quoted them as saying that the only weakness is trying to use them while doing high-end gaming, as the game chews up too much cpu to let the compression run smoothly.

# [20:32] <AryehGregor> But you can't rely on lossless compression. If the output is too hard to compress, you're going to introduce stuttering.

# [20:39] <AryehGregor> Especially if you don't antialias or such, I guess.

# [20:39] <TabAtkins> Yeah, that would make it even better, but still. a screen of text is still *mostly* just the background color.

# [20:40] <TabAtkins> Also: Phase 1 of my radial-gradient() parser is complete. Now I begin the transformer that will take the parsed values and figure out the parameters I need for generating an image.

# [20:40] <Philip`> What do you do when the user views a PDF brochure with text on some swishy fading photo background?

# [20:41] <Philip`> (It's no good having a monitor that only works for easy cases, and turns into unreadable mush once a month when you do something unusual)

# [20:42] <TabAtkins> I dunno. I'm not a wireless-monitor manufacturer. But at least one company is apparently confident they can do it.

# [20:42] <Philip`> You mean, one company's PR department is confident they can do it?

# [20:43] <TabAtkins> Though it looks like I'll have to use normal monitors for now anyway, as I don't think there will be anything in my price range by November.

# [20:49] <TabAtkins> AryehGregor: They can learn to fake it, and be relatively normal.

# [20:50] <Philip`> AryehGregor: It's fine until you alt-tab in your fancy windowing system and it fades out the screen in a way that the delta compressor can't recognise and suddenly everything slows to a crawl